Comments (9)
statefulset-controller create Pod crdb-0 in StatefulSet crdb failed error: Pod "crdb-0" is invalid: [spec.volumes[1].projected.sources[1].secret.name: Required value, spec.containers[0].volumeMounts[1].name: Not found: "certs"]
from cockroach-operator.
In example.yaml we have a field:
nodeTLSSecret: GENERATED
This is stopping the operator from creating a TLSSecret, and I do not understand what the purpose of the field in the API is. https://github.com/cockroachdb/cockroach-operator/blob/master/api/v1alpha1/cluster_types.go#L18 is the definition.
We are checking to see if this field is empty, and if it is, the TLSSecret is generated.
I am guessing that we have this field in order to allow for custom certs. @johnrk is this a requirement?
from cockroach-operator.
I think this allows for a user to create a Kubernetes secret that contains a certificate. Then use that secret as the cert when a cluster starts.
from cockroach-operator.
@chrislovecnm, creating a secure cluster is a requirement. And I assume the former engineer working on this intended to enable that here.
@chrisseto, is this consistent with your understanding?
from cockroach-operator.
"nodeTLSSecret: GENERATED" was used in the past implementation to force the operator to generate k8s cluster signed SSL certificates when they were not provided. This was done to match the functionality existing in the Helm chart. Later, I simplified it so that the generation happens if TLSEnabled is set to true but no secrets are provided.
from cockroach-operator.
@vladdy thanks! I was wondering if you are going to allow for the naming of the secrets with the self-signed certs in them. Would be great to set up 1/2 hour, say, next week. I need to document the API and I think it would be great to get more information from you.
from cockroach-operator.
@chrislovecnm, sure we can chat. I've also created #49 to add more info. Unfortunately, it looks like I lost permissions to add reviewers, so I hope somebody will notice it.
from cockroach-operator.
@johnrk this is complete. We need to document it and probably improve validation.
from cockroach-operator.
Closing - duplicate
from cockroach-operator.